authorHans-Joerg Hoexer <hshoexer@cvs.openbsd.org>2006-08-30 16:56:57 +0000
committerHans-Joerg Hoexer <hshoexer@cvs.openbsd.org>2006-08-30 16:56:57 +0000
commitaa9b94be317f9c66f21e3ce148cd7576175f4231 (patch)
tree12c891eee016621f2c5958a59466a1f50afde632 /sbin
parentec3d9fa69e1ff4bb0823da85162d4db58a4a99dd (diff)
Make SA deletion on shutdown the default again. Use -S for failover
situations where you do not want this. Discussed and agreed on with ho, mcbride, markus, cloder,... We will have to teach sasyncd to deal with this. Testing by msf and hshoexer with help from mtu ok markus cloder
Diffstat (limited to 'sbin')
-rw-r--r--sbin/isakmpd/conf.h4
-rw-r--r--sbin/isakmpd/isakmpd.84
-rw-r--r--sbin/isakmpd/isakmpd.c10
-rw-r--r--sbin/isakmpd/isakmpd.conf.54
4 files changed, 11 insertions, 11 deletions
diff --git a/sbin/isakmpd/conf.h b/sbin/isakmpd/conf.h
index 6cebe436dea..b182510a503 100644
--- a/sbin/isakmpd/conf.h
+++ b/sbin/isakmpd/conf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: conf.h,v 1.33 2006/06/10 21:15:45 hshoexer Exp $ */
+/* $OpenBSD: conf.h,v 1.34 2006/08/30 16:56:56 hshoexer Exp $ */
/* $EOM: conf.h,v 1.13 2000/09/18 00:01:47 ho Exp $ */
/*
@@ -68,7 +68,7 @@
#define CONF_DFLT_PUBKEY_DIR ISAKMPD_ROOT "pubkeys/"
#define CONF_DFLT_KEYNOTE_CRED_DIR ISAKMPD_ROOT "keynote/"
-#define CONF_DFLT_DELETE_SAS "no"
+#define CONF_DFLT_DELETE_SAS "yes"
#define CONF_DFLT_TAG_PHASE1_CONFIG "Default-phase-1-configuration"
#define CONF_DFLT_PHASE1_EXCH_TYPE "ID_PROT"
diff --git a/sbin/isakmpd/isakmpd.8 b/sbin/isakmpd/isakmpd.8
index 5990fe19a69..109d27ef47f 100644
--- a/sbin/isakmpd/isakmpd.8
+++ b/sbin/isakmpd/isakmpd.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: isakmpd.8,v 1.87 2006/06/29 10:00:49 hshoexer Exp $
+.\" $OpenBSD: isakmpd.8,v 1.88 2006/08/30 16:56:56 hshoexer Exp $
.\" $EOM: isakmpd.8,v 1.23 2000/05/02 00:30:23 niklas Exp $
.\"
.\" Copyright (c) 1998, 1999, 2000, 2001 Niklas Hallqvist.
@@ -264,7 +264,7 @@ are allowed.
.It Fl S
When this option is given,
.Nm
-will delete SAs on shutdown by sending delete messages to all peers.
+will not delete SAs on shutdown by sending delete messages to all peers.
.It Fl T
When this option is given, NAT-Traversal will be disabled and
.Nm
diff --git a/sbin/isakmpd/isakmpd.c b/sbin/isakmpd/isakmpd.c
index 36894ed0a52..8de9a874699 100644
--- a/sbin/isakmpd/isakmpd.c
+++ b/sbin/isakmpd/isakmpd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: isakmpd.c,v 1.93 2006/06/10 21:15:45 hshoexer Exp $ */
+/* $OpenBSD: isakmpd.c,v 1.94 2006/08/30 16:56:56 hshoexer Exp $ */
/* $EOM: isakmpd.c,v 1.54 2000/10/05 09:28:22 niklas Exp $ */
/*
@@ -76,7 +76,7 @@ int debug = 0;
int acquire_only = 0;
/* Set when SAs shall be deleted on shutdown. */
-int delete_sas = 0;
+int delete_sas = 1;
/*
* If we receive a SIGHUP signal, this flag gets set to show we need to
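Review bot: The comment kept above `delete_sas` ("Set when SAs shall be deleted on shutdown.") no longer matches the new initializer, because the flag now starts at 1 and is only ever cleared, by `-S` in the parse_args hunk below. A reader who trusts the old wording will assume deletion is opt-in, which is the wrong assumption in failover deployments. Suggest `/* Non-zero (the default) when SAs shall be deleted on shutdown; cleared by -S. */`.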
@@ -214,7 +214,7 @@ parse_args(int argc, char *argv[])
break;
case 'S':
- delete_sas = 1;
+ delete_sas = 0;
break;
case 'T':
@@ -317,8 +317,8 @@ daemon_shutdown(void)
if (sigtermed == 1) {
log_print("isakmpd: shutting down...");
- if (delete_sas ||
- !strncmp("yes", conf_get_str("General", "Delete-SAs"), 3)) {
+ if (delete_sas &&
+ strncmp("no", conf_get_str("General", "Delete-SAs"), 2)) {
/*
* Delete all active SAs. First IPsec SAs, then
* ISAKMPD. Each DELETE is another (outgoing) message.
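Review bot: The new test `strncmp("no", conf_get_str("General", "Delete-SAs"), 2)` treats every value that does not begin with lowercase `no` as a request to delete, so `No`, `NO`, `off` or a typo now sends DELETEs on shutdown, whereas the old `yes` prefix test left SAs in place for anything unrecognised. In a failover setup that is the direction that hurts, since the peers drop SAs the standby was meant to keep. Consider an exact, case-insensitive match such as `strcasecmp(conf_get_str("General", "Delete-SAs"), "no") != 0` and logging values that are neither `yes` nor `no`. The call also assumes conf_get_str() never returns NULL here, which presumably holds because CONF_DFLT_DELETE_SAS is registered as a default, but that is not visible in this hunk. daemon_shutdown's body continues outside the hunk.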
diff --git a/sbin/isakmpd/isakmpd.conf.5 b/sbin/isakmpd/isakmpd.conf.5
index 89328a15ba5..e1a5a708e52 100644
--- a/sbin/isakmpd/isakmpd.conf.5
+++ b/sbin/isakmpd/isakmpd.conf.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: isakmpd.conf.5,v 1.116 2006/06/11 11:07:41 hshoexer Exp $
+.\" $OpenBSD: isakmpd.conf.5,v 1.117 2006/08/30 16:56:56 hshoexer Exp $
.\" $EOM: isakmpd.conf.5,v 1.57 2000/12/21 14:43:17 ho Exp $
.\"
.\" Copyright (c) 1998, 1999, 2000 Niklas Hallqvist. All rights reserved.
@@ -310,7 +310,7 @@ This tag controls whether
.Xr isakmpd 8
deletes SAs on shutdown or not.
The default value is
-.Qq no .
+.Qq yes .
.El
.It Bq Sy Phase 1
ISAKMP SA negotiation parameter root